- Description
- A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before the beginning, of the intended buffer. This can allow attackers to obtain sensitive information from process memory or cause a crash.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:P
- nvd@nist.gov
- CWE-125
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opendesign:drawings_sdk:2019:update1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D3AFC91-0661-4B93-A08F-E04C1C00DC0B"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:outside_in_technology:8.5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "10DD6CB3-ED55-465D-AB98-13EFD013AE47"
},
{
"criteria": "cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72F1A960-EBA5-4BDB-B629-20F0D2384562"
}
],
"operator": "OR"
}
]
}
]